1.9.11

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-08	CVE-2021-33203	Path Traversal vulnerability in multiple products Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. network low complexity djangoproject fedoraproject CWE-22	4.9
2019-12-18	CVE-2019-19844	Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. network low complexity djangoproject canonical CWE-640 critical	9.8
2017-04-04	CVE-2017-7234	Open Redirect vulnerability in Djangoproject Django A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. network djangoproject CWE-601	5.8
2017-04-04	CVE-2017-7233	Open Redirect vulnerability in Djangoproject Django Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. network djangoproject CWE-601	5.8